OSINT Toolbox Talk: Extracting YouTube comments, extracting Instagram user data and monitoring WhatsApp contacts

OSINT Toolbox Talk

Extracting comments from YouTube videos, extracting Instagram user data and monitoring WhatsApp contacts

Rounding up a very productive fortnight of OSINT tool testing, we present another three must-have tools for Digital Investigators to add to their toolbox. We will start by presenting the awesome YouTube Comment Search and show how it can be effectively used to extract comments associated with YouTube videos. We will then go even further by explaining its significance with regards to online grooming investigations. Next, we will show you Sterraxcyl, a very neat Python-based script that allows investigators to extract a wide-range of data from Instagram user accounts. Finally, we will present WhatsApp-Monitor, a very cool program that allows users to generate activity logs based on the activity of WhatsApp contacts.

Searching and extracting video comments with 'YouTube Comment Search' Searching and extracting video comments with 'YouTube Comment Search' https://chrome.google.com/webstore/detail/ycs-youtube-comment-searc/pmfhcilikeembgbiadjiojgfgcfbcoaa/related?hl=en

We will start this latest OSINT Tool Review perhaps in a usual fashion by giving YouTube Comment Search a huge ‘thumbs-up’ from the OS2INT team. This very slick Google Chrome Extension is highly effective, simple to use with its clean interface, and very slick in functionality!

This tool is perhaps one of a very small handful of tools tailored towards extracting valuable data from YouTube. The question that many of our readers will no doubt ask is “why should I be concerned about YouTube videos?” The answer lies in numerous news articles and research which rightly points out a continued trend in the use of YouTube by sex offenders to groom children. Buzzfeed news reporter Charlie Warzel wrote in 2017 that a large number of YouTube user accounts are publishing disturbing and exploitative videos aimed at and starring children in compromising, predatory, or creepy situations — and racking up millions of views. Whilst YouTube has taken steps to address the issue of child exploitation on its platform, instances of children being encouraged by sex offenders to undertake so-called ‘challenges’. So, Digital Investigations focusing on YouTube remains relevant, especially from a child protection perspective. Additionally, our searches found instances of far-right and Islamic extremism being uploaded to YouTube – with accompanying comments providing us with a clear view of individuals of intelligence interest.

So where does YouTube Comment Search come into our discussion?… Comments posted in response to YouTube videos are an incredibly important source of information that is often overlooked. Comments can enable Digital Investigators to identify people who may be regarded as suspects in relation to a case involving online child grooming. It could also, in some instances, enable Digital Investigators to map a potential network of individuals undertaking such crimes against children. For its part, YouTube Comment Search allow Digital Investigators to search through all comments posted in relation to a YouTube video – without such a capability, investigators would need to use an auto-scroll plugin to reveal all posted comments, then use their browser’s native search function. This is both a time-consuming and RAM-intensive task for any browser to undertake. Lastly, YouTube Comment Search allows Digital Investigators to export all comments posted in relation to a YouTube video to a text file – the process itself taking milliseconds to achieve.

So, you may now be asking “what can we use YouTube Comment Search’s output for?”. One answer to this is that we can transform the information contained within the text file into a comma-separated value (CSV) file and use it within a data visualisation tool such as Gephi – by repeating the process across several target videos, a very neat network relationship chart can be built to show individuals of intelligence interest.

In conclusion, we like everything there is about this tool, it does exactly what it says through a simple user interface that has so far not failed (even when processing tens of thousands of comments!). Considering that we have delved deep into this tool and explained why it should be included in every Digital Investigator’s toolbox, we should (for the sake of being objective) discuss some improvements which could be made to the tool. Firstly, we would recommend that the tool has the capability to output comment lists in multiple formats such as .txt, .json and also .csv – this would make it easier for Digital Investigators to use the data within more specialised solutions such as Gephi. Lastly, the tool would benefit greatly by allowing investigators to run multiple keywords and / or boolean search queries.

All-in-all, we shouldn’t say more about this tool, it is fantastic, simple as that!

Extracting user information from Instagram with Sterraxcyl Extracting user information from Instagram with Sterraxcyl https://github.com/novitae/sterraxcyl

There is an abundance of OSINT tools focused on Instagram, each has its own capabilities, pros, and cons. In this OSINT Tool Review we will introduce Sterraxcyl, a lightweight Python script that packs a lot of punch with regards to extracting useful information from Instagram and exporting such data into an excel or csv file.

Like most Instagram-focused tools, Sterraxcyl requires users to input their Instagram credentials before they can use it. Afterwards, within the command-line interface, users can indicate their specified target, what data they want to extract, and what output they require. Sterraxcyl offers two methods of extraction: express-mode and all-infos. The differences between both extraction methods and their capabilities are indicated below:

The express-mode method of extraction allows users to extract the following from target Instagram accounts:

  • User ID
  • Username
  • Full name
  • Page link
  • Biography
  • IsPrivate (indicates whether the page is private or public)
  • Followers count
  • Following count
  • Posts count
  • External link
  • IsBusiness (Indicates whether the account has been listed as business or personal)
  • IsProfessional (A sub-category for business accounts that allows users to determine the nature of their business)
  • IsVerified (Indicates whether the page has been verified by the user)

In addition to the above, the all-infos method of extraction will attempt to extract the following data:

  • Business address
  • Business category
  • Business contact method
  • Business email
  • Business phone number
  • Connected Facebook page
  • Mutual followed by count
  • Facebook ID
  • Has Effects (Indicates whether the target account is using camera and face effects)
  • Has Channel (Indicates whether the target account has its own channel)
  • Has Clips (Indicates whether the target account has any Instagram Reels – 15-second video clips)
  • Has Guide (Indicates whether the target account has any Instagram Guides – uploaded content with custom commentary)
  • Hide Like and View Count (Indicates whether the target account has hidden ‘like’ and ‘view count’ information)
  • Has joined recently

With regards to Sterraxcyl’s output, it must be said that it is quite extensive. During our test, we were able to extract a sizable Following and Follower list and export it to a csv file. But, what we especially like about Sterraxcyl is its capability to extract individual Following and Follower details such as usernames, full names and biography – this certainly helps the investigator to save time. Also, the tool itself crawls at a slightly lower speed – ensuring that it doesn’t get flagged by Instagram’s rate-limiting mechanisms.

Aside from the slower crawl rate which has its own pros and cons, Sterraxcyl is quite an effective tool. The tool’s output – namely the csv file of Follower and Following data – can most certainly be used by Digital Investigators to create a visual representation of the target profile’s social network, then combine it with several others through the use of a free data visualisation tool such as Gephi. All in all, Sterraxcyl comes with our recommendation for its wide-ranging extraction capabilities. Whilst it generally has the same type of extraction capabilities as other open-source tools, we find that Sterraxcyl is unique due to the fact that it outputs slightly more information than other tools. Also, the tool’s slow crawl rate is also considered to be a capability in its own right based on Instagram actively seeking to prevent the OSINT tools on its platform.

Monitoring the activity of WhatsApp contacts with 'WhatsApp-Monitor' Monitoring the activity of WhatsApp contacts with 'WhatsApp-Monitor' https://github.com/rizwansoaib/whatsapp-monitor

We can confidently say that OSINT tools for WhatsApp are limited both in terms of numbers and capabilities. That said, we stumbled across WhatsApp-Monitor out of pure chance and we were relatively impressed with the functionality of this tool. So, what is WhatsApp-Monitor? It is a Java-based tool that can be installed through an executable file and paired with your WhatsApp profile within a Windows, Debian and Mac operating system. At the same time, it can be used as a Google Chrome Extension or Mozilla Firefox Add-on. Additionally, the tool has the capability to provide Cross Platform Notifications on Android and iOS mobile operating systems.

So what can this tool do? In short, it is designed to log the session activity and duration of your WhatsApp contacts and allow you to monitor when they are online. Going further, the tool can then output activity logs as a csv, MS Excel file or PDF. The tool itself has no real limits in terms of the number of user sessions it can log, and it will continue to function for as long as your device is connected to the tool.

Deploying the tool is extraordinarily easy. The tool itself can be downloaded and installed from a single executable file onto your operating system. After installation, users can pair their device to it by scanning the unique QR code. By simply executing the capture session, the tool can then log the dates and times each time contacts go online. During our test, we saw no issues with regard to the installation and deployment of the tool. In fact, it was by far the most easiest we have used to date.

Overall, WhatsApp-Monitor is a neat tool that does exactly what it is meant to do.

However, our readers will no doubt be asking can it be used for? Unfortunately, we can only identify a couple of uses cases where this tool can be deemed of any use. For example, if a Digital Investigator has connected to their target using a burner phone, then this tool can most certainly be useful in terms of logging the activity of that same target. Alternatively, in the case where a mobile device has been officially seized, then this tool could also be used in order to expand the scope of an investigation.

That aside, it must be stressed that this tool only has a single capability. However, we firmly believe that it would immensely benefit from integrated analytical features which could allow Digital Investigators to visualise activity taking place on WhatsApp. We do know that there are several platforms that provide analysis of WhatsApp accounts, and in this case, we certainly believe that an integration of such features would go a very long way indeed.

Let's talk today Are you ready to begin discussing our range of training and capability development solutions?